With the increase of risk with medical records becoming electronic. We opted to encrypt every computer as well as any thumbdrive device that is plugged into our hospital computers.

Team Members

Tagged MSPs

Categories

The project was to encrypt all machines and enforce all new files written to removable media to be encrypted as well. The server was fairly easy to build. We had to make sure Certificate services was running and healthy, but that wasn't too difficult. Where we ran into some issues is with machines that are shared with multiple users. After the hard drives are encrypted symantec enrolls users that log on to the machine. The problem is that if only one person has enrolled and then the computer later is rebooted then no other user can get in. This was a huge headache and we ended up getting service desk calls every 5 minutes. To work around this issue we ended up having to set those devices to autologon. We lose a little bit of the security there so we put a rule in effect that if the machine doesn't communicate within a 24 hr period it gets locked and no one can login. All in all I think it was pretty successful.